Enabling HTTPBoot plugin for Foreman 1.20

UEFI clients are capable of booting from HTTP or HTTPS if they are given a valid URL via DHCP filename option. Publishing required files is achieved with module which will publish tftp directory via http and https on /EFI endpoint for HTTP BOOT UEFI and /httpboot for generic http boot (iPXE) with the same content. Because we do lack installer support for this feature for now, few steps are needed to configure Foreman so it servers boot files over http:

  1. Enable HTTPBoot plugin: in /etc/foreman-proxy/settings.d/httpboot.yml set :enabled: true
  2. Restart services, so config change will take effect:
    # foreman-maintain service restart
  3. In webUI refresh integrated capsules features with Infrastructure -> Capsules -> <foreman’s capsule> -> Refresh features and make sure “HTTPBoot” is now listed in “Active features” there
  4. Assign this HTTPBoot capsule to to the subnet(s): Infrastructure -> Subnets -> -> Capsules and select the capsule and press “Submit”
  5. Now when creating a host, on “Operating system” tab set “PXE Loader” to “Grub2 UEFI HTTP”

This will cause UEFI firmware on provisioned machine to download the following loader according to the settings (assuming that smart-proxy is registered to foreman via standard port 8443 or 9090 for katello setup):

  • Smart Proxy HTTPBoot feature set in a Subnet + Grub2 UEFI HTTP: http://<httpboot_proxy>:8443/httpboot/grub2/grubx64.efi. (*)
  • Smart Proxy HTTPBoot feature set in a Subnet + Grub2 UEFI HTTPS: https://<httpboot_proxy>:8443/httpboot/grub2/grubx64.efi.
  • Smart Proxy HTTPBoot feature not set in a Subnet + Grub2 UEFI HTTP: http://<unattended_url>/httpboot/grub2/grubx64.efi.
  • Smart Proxy HTTPBoot feature not set in a Subnet + Grub2 UEFI HTTPS: https://<unattended_url>/httpboot/grub2/grubx64.efi. (*)

(*) - these combination will not work since protocol and port will not match. As you can see, this still needs more love. The PXE Loader code needs to be extended to recognize which HTTP and HTTPS ports are used for a given capsule and set that appropriately.

The grubx64.efi file is being served from well known /var/lib/tftpboot/... directory.

2 Likes

To fix this oversight I’ve created a PR. I’d welcome feedback. If this works in nightly I’d be happy to backport this to 1.21.1 and 1.20.3.

https://github.com/theforeman/puppet-foreman_proxy/pull/494

3 Likes

Thanks, I’ve converted the OP to wiki and made some changes. I realized that some combinations will not work with the current codebase and we need to do some changes unfortunately. With some bit of attention tho, HTTPBoot feature is usable.

1 Like

I’m not sure if I have found your wiki entry or not. Is it this one: Fetch boot files via http instead of TFTP - Foreman If not, can you paste the link here, please?

No, I just changed the original post to wiki (Discourse) so others can contribute and made some small improvements. The wiki you refer to is something different.

What are Capsules? That’s not an option in my Foreman interface.

(Maybe it’s different in different languages? I’m in the USA.)

In Red Hat’s productized version of Foreman, Smart Proxies are called Capsules.
Apologies for any confusion!

1 Like

No problem. Thanks for the clarification. Good to know.